My remote users could not login to terminal server anymore, they received an error on the RPC server.
After some digging I found thatL:
Server Management > Advanced Management > Group Policy Management > .... > Group Policy Objects > Small Business Services Auding Policy
Was set to: User Configuration Settings Disabled.
When I switched it to enabled they were able to login again.
I don't know if this setting was changed by someone, or maybe it needs to be on "User Configuration Settings Disabled".
By changing it to enabled did I compromise security? What could have caused this to happen in the first place?
I realize more information is needed to diagnose, just let me know what is needed and I will post. Thanks!